Home » Php » php – Lithium and validating complex form inputs – how?

php – Lithium and validating complex form inputs – how?

Posted by: admin July 12, 2020 Leave a comment


I’ve done quite a few Lithium tutorials (links below in case they help someone else, and also to show I’ve done my homework:) and I understand the most basic parts of creating models, views, controllers and using MVC to create a DB record based on form input.

However, I’m new to MVC for webapps and Lithium, and I’m not sure how I should write my code in more complicated situations. This is a general question, but two specific validation questions that I have are:

  • How should I validate date data submitted from the form?
  • How should I check that the two user email fields have the same value?

I would be very grateful for any help with these questions, and concrete examples like this will also really help me understand how to do good MVC coding in other situations as well!

Date entry – validating data split across multiple form inputs

For UI reasons, the sign up form asks users to enter their DOB in three fields:

<?=$this->form->field('birthday', array('type' => 'select', 'list' => array(/*...*/))); ?>
<?=$this->form->field('birthmonth', array('type' => 'select', 'list' => array(/*...*/))); ?>
<?=$this->form->field('birthyear', array('type' => 'select', 'list' => array(/*...*/))); ?>

What is the best way to validate this server-side? I think I should take advantage of the automagic validation, but I’m not sure of the best way do that for a set of variables that aren’t really part of the Model. E.g.:

  • Should I post-process the $this->request->data in UsersController? E.g. modify $this->request->data inside UsersController before passing it to Users::create.
  • Should I pull the form fields out of $this->request->data and use a static call to Validator::isDate inside UsersController?
  • Is there a way to write a validation rule in the model for combinations of form variables that aren’t part of the model?
  • should I override Users::create and do all the extra validation and post-processing there?

All of these seem like they could work, although some seem a little bit ugly and I don’t know which ones could cause major problems for me in the future.

[EDIT: Closely related to this is the problem of combining the three form fields into a single field to be saved in the model]

Email entry – checking two form fields are identical, but only storing one

For common sense/common practice, the sign up form asks users to specify their email address twice:

<?=$this->form->field('email_address'); ?>
<?=$this->form->field('verify_email_address'); ?>

How can I write an automagic validation rule that checks these two form fields have the same value, but only saves email_address to the database?

This feels like it’s pretty much the same question as the above one because the list of possible answers that I can think of is the same – so I’m submitting this as one question, but I’d really appreciate your help with both parts, as I think the solution to this one is going to be subtle and different and equally enlightening!

[EDIT: Closely related to this is the problem of not storing verify_email_address into my model and DB]

Some background reading on Lithium

I’ve read others, but these three tutorials got me to where I am with users and sign up forms now…

Some other StackOverflow questions on closely related topics (but not answering it and also not Lithium-specific)

  • One answer to this question suggests creating a separate controller (and model and…?) – it doesn’t feel very “Lithium” to me, and I’m worried it could be fragile/easily buggy as well
  • This wonderful story convinced me I was right to be worried about putting it in the controller, but I’m not sure what a good solution would be
  • This one on views makes me think I should put it in the model somehow, but I don’t know the best way to do this in Lithium (see my bulleted list under Date Entry above)
  • And this Scribd presentation asked the question I’m hoping to answer on the last page… whereupon it stopped without answering it!

NB: CakePHP-style answers are fine too. I don’t know it, but it’s similar and I’m sure I can translate from it if I need to!

How to&Answers:

I’d recommend doing this in the Model rather than the Controller – that way it happens no matter where you do the save from.

For the date field issue, in your model, override the save() method and handle converting the multiple fields in the data to one date field before calling parent::save to do the actual saving. Any advanced manipulation can happen there.

The technique described in your comment of using a hidden form field to get error messages to display sounds pretty good.

For comparing that two email fields are equal, I’d recommend defining a custom validator. You can do this in your bootstrap using Validator::add.

use lithium\util\Validator;
use InvalidArgumentException;

Validator::add('match', function($value, $format = null, array $options = array()) {
    $options += array(
        'against' => '',
        'values' => array()
    if (array_key_exists($against, $values)) {
        return $values[$against] == $value;
    return false;

Then in your model:

public $validates = array(
    "email" => array(
        "message" => "Please re-type your email address.",
        "against" => "email2"

Edit: Per the comments, here’s a way to do custom rule validation in a controller:

public function save() {
    $entity = MyModel::create($this->request->data);
    $rules = array(
        "email" => array(
            "message" => "Please re-type your email address.",
            "against" => "email2"

    if (!$entity->validates($rules)) {
        return compact('entity');

    // if your model defines a `$_schema` and sets `$_meta = array('locked' => true)`
    // then any fields not in the schema will not be saved to the db

    // here's another way using the `'whitelist'` param
    $blacklist = array('email2', 'some', 'other', 'fields');
    $whitelist = array_keys($entity->data());
    $whitelist = array_diff($whitelist, $blacklist);

    if ($entity->save(null, compact('whitelist'))) {
            array("Controller::view", "args" => array($entity->_id)),
            array('exit' => true)

    return compact('entity');

An advantage of setting the data to the entity is that it will be automatically prefilled in your form if there’s a validation error.